Sunday 16 February 2020


What is the best way to secure stuff?

In today's world, where getting hacked is so commonplace that it is being discussed over a quiet beverage after work, I was asked this question and thought the answer was worthy of sharing.

When you look at securing anything, all solutions are based around 3 basic fundamentals:
1) Something you are (#1).
2) Something you know (#2).
3) Something you have (#3).

Diverting for a moment to some historic examples:

  • In the old days, the key to your house was something you have (#3). Obviously, if someone manages to steal it or copy it, they get access to your house. Low hassle and higher risk.
  • Banks stepped it up when they originally issued cards (#3) that required a signature (#1), although the signature check became inherently weak over time.
  • The Payment Card Industry altered that second factor by changing the signature (#1) to a PIN code (#2) and forced everyone to use it (although some countries see limited benefit and are slow to adopt). They have recently lowered security for low-value items in Australia (payWave) to just (#3).

If you want to secure your own 'stuff' that has significant value to you, you have to do the following:
a) Firstly, have a backup in a completely different ecosystem (I will explain that in a different post if people are interested).
b) You need to use at least two of #1, #2 or #3, with #1 being the most secure.

As an example of poor security: a username and password are just two of the same type (#2), which is quite insecure.

As we head into an increasingly digital world, there is the temptation to lower your security level for convenience. An example is a single tap to access an app (#3) or automatic login. Phone companies are trying to help protect you by adding biometrics (#1) to unlock the phone (face, fingerprint), but you are also giving your biometrics to phone companies that have a huge number of employees, and the misuse of corporate access to your devices and data is increasing.

When looking to secure anything, it is best to use at least one each of two different types.

So that's the point: houses, cars, cash, online identity and data all follow the same basic fundamental concepts.

If you have any questions, please send them through and have a great day!


Ross.






